Problem statement
An application has been configured in a tenant. It is required to provide SSO via a SAML connection to more than 100 ‘downstream’ customers so that each can access this specific application.
This tenant is linked to an Enterprise subscription plan. Explain the following:
- Whether there is a limit to the number of SAML connections that can be created within this tenant
- If it is possible to create 1000 SAML connections, can these 1000 connections be linked with a single Application?
Solution
Subscription entitlement
In general terms, the maximum number of Enterprise connections (including SAML) available within a tenant will depend on:
- The type of use case (B2B or B2C).
- The details of a customer’s subscription plan.
For example, at the time of this writing (February 2024), the number of Enterprise connections available for B2B-focused subscription plans is:
- Free: none
- Essential: 3
- Professional: 5
- Enterprise: customized offering
NOTE: The permitted enterprise connections can be of any type. For example, ‘Essential’ could have identical types of connections (e.g. 3 x SAML) or they could be mixed in any combination (e.g. SAML, Google Workspace, Ping Federate).
For the most up-to-date information, refer to the pricing policy page: Flexible pricing for companies and developers
Entity Limits
In addition to potential limits on the number of permitted Enterprise connections, Auth0 enforces entity limits on a range of product features. These include:
- A maximum of 50 tenants per customer.
- Constraints on the size and scope of Organizations.
- Limits on Authorization Core Role-Based Access Control (RBAC).
For a complete description, refer to Entity Limits Policy.
Enterprise connection limits
As described in Enterprise Subscription Limits, enterprise customers may potentially have an unlimited number of connections of all types (including SAML).
With regard to the original question, it is certainly possible to create 1000 SAML connections and to link them with a single Application. However, anything over 100 connections per client application can be confusing and difficult to manage. For example, consider the case where a single client application has 200 connections enabled. If a Management API request is made to get a list of all the connection_ids for that client, only the first 100 will be returned in that list due to the way the endpoint is paginated.
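The pagination pitfall above matters for access reviews: a single request undercounts the connections that can log in to an application. The following is an added example, not part of the original article or Auth0's own code, that walks every page before reporting. It assumes the Management API's GET /api/v2/connections endpoint with page, per_page and include_totals parameters and an enabled_clients field on each connection; the sample ids and the fake_fetch_page stand-in are constructed so the block runs offline.

```python
import json
import urllib.parse
import urllib.request

PER_PAGE = 100  # assumed page size; the article says one request returns at most 100


def http_fetch_page(domain, token, page, per_page=PER_PAGE):
    """Fetch one page of SAML connections (endpoint and field names are assumptions)."""
    query = urllib.parse.urlencode({
        "strategy": "samlp", "page": page, "per_page": per_page,
        "include_totals": "true", "fields": "id,enabled_clients",
    })
    req = urllib.request.Request(
        f"https://{domain}/api/v2/connections?{query}",
        headers={"Authorization": f"Bearer {token}"},
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def connection_ids_for_client(fetch_page, client_id, per_page=PER_PAGE):
    """Walk every page and return the ids of connections enabled for client_id."""
    ids, page = [], 0
    while True:
        body = fetch_page(page, per_page)
        batch = body["connections"]
        ids += [c["id"] for c in batch if client_id in c.get("enabled_clients", [])]
        page += 1
        # Stop on an empty page or once the reported total has been covered.
        if not batch or page * per_page >= body["total"]:
            return ids


# Constructed sample data: 200 SAML connections enabled for one application.
SAMPLE = [{"id": f"con_sample{i:04d}", "enabled_clients": ["app_sample"]} for i in range(200)]


def fake_fetch_page(page, per_page):
    """Offline stand-in for the API, mimicking the include_totals response shape."""
    start = page * per_page
    return {"start": start, "limit": per_page, "total": len(SAMPLE),
            "connections": SAMPLE[start:start + per_page]}


if __name__ == "__main__":
    first_only = fake_fetch_page(0, PER_PAGE)["connections"]
    print(len(first_only), len(connection_ids_for_client(fake_fetch_page, "app_sample")))
```

Against a real tenant, pass `functools.partial(http_fetch_page, domain, token)` as `fetch_page`, using a Management API token that is permitted to read connections.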
In summary, even in cases where Auth0 does not enforce a hard limit on the number of applications or connections that are created, there are practical limits in terms of performance and manageability. This fact needs to be considered when planning to configure a large number of connections or applications within a tenant.